Guide contents
Business Solution Guide
Clinical & Regulatory Document Management on AWS
Controlled authoring, versioning, submission support, and compliance trails on AWS infrastructure you control.
Clinical and regulatory document management is one of the most governance-intensive document processes in healthcare, life sciences, pharmaceuticals, medical devices, and regulated manufacturing. Regulatory submissions, clinical trial documentation, standard operating procedures, product specifications, validation protocols, quality records, and compliance reports all require controlled authoring, formal review and approval cycles, version management with full audit trails, and long-term retention under strict regulatory requirements — yet in most organizations, these documents are managed through legacy quality management systems, shared drives, or point solutions with no unified way to enforce authoring controls, track document lifecycle status, manage submissions, or demonstrate inspection readiness.
FormKiQ's Clinical & Regulatory Document Management solution provides the document layer for the full regulatory document lifecycle — from initial authoring and review through approval, controlled distribution, submission assembly, post-approval change management, and retention — deployed directly into your AWS account. AI-powered document analysis using Amazon Bedrock assists with document classification, regulatory cross-referencing, and content review. Controlled authoring workflows enforce draft, review, approval, and effective-date management. And the entire regulatory document record — every version, every approval, every distribution event — is stored, encrypted, and auditable within your own AWS environment.
The Regulatory Document Lifecycle
FormKiQ supports each stage of the regulatory document lifecycle within a governed, auditable platform:
| Stage | What Happens | How FormKiQ Handles It |
|---|---|---|
| Authoring | A new document is created — SOP, protocol, specification, submission component, quality record | Controlled authoring with check-out/check-in, co-authoring support, template-based document creation from governed templates |
| Review | Subject matter experts and stakeholders review the document | Multi-reviewer workflow with role-based task assignment (author, SME reviewer, quality assurance, regulatory affairs, medical, legal), comment tracking, and redline management |
| Approval | The document is formally approved by authorized signatories | Multi-step approval workflow with electronic signature, role-based approval authority, approval with conditions, and rejection with rationale — approval records immutably logged |
| Effective Date | The approved document becomes effective on a specified date | Effective-date metadata with automatic status transition from "approved" to "effective" — superseded versions automatically retired |
| Controlled Distribution | The effective document is distributed to authorized recipients | Distribution tracking with recipient acknowledgment — training-required flags trigger training management notifications |
| Periodic Review | Documents are reviewed on a defined schedule to confirm continued applicability | Periodic review scheduling with configurable review intervals by document type — review-due alerts, review workflow, re-approval or retirement |
| Change Control | A change to an effective document is initiated through a formal change-control process | Change-request workflow with impact assessment, change justification, review, approval, and implementation tracking — linked to the document being changed |
| Submission Assembly | Regulatory submission packages are compiled from governed documents | Submission assembly with document selection, sequence numbering, cross-reference verification, and submission-package metadata |
| Retirement | A document is formally retired and replaced or archived | Retirement workflow with supersession metadata linking the retired document to its replacement — retired documents retained per regulatory requirements |
| Retention & Archive | All versions of all documents are retained according to regulatory and organizational policy | Configurable retention policies by document type, regulatory framework, and jurisdiction — with legal hold and defensible disposition |
AI-Powered Regulatory Document Analysis with Amazon Bedrock
Regulatory document management involves complex cross-referencing, consistency checking, and classification tasks that traditionally require extensive manual review. FormKiQ's AI Processing and Analysis module — powered by Amazon Bedrock — assists regulatory and quality teams by classifying documents, identifying cross-references, and flagging content for review.
All AI processing runs within your AWS account through Amazon Bedrock, using supported large language models including Anthropic Claude, Amazon Nova, and other available models. Your regulatory content never leaves your cloud environment. Inference region controls allow you to specify which AWS regions are used for model processing.
What Bedrock Extracts from Regulatory Documents
| Extraction Type | What It Captures | How It's Used |
|---|---|---|
| Document Classification | Document type — SOP, work instruction, protocol, report, specification, validation record, submission component, correspondence, quality record | Classification metadata drives workflow routing, retention scheduling, and periodic review intervals |
| Regulatory Cross-References | References to regulatory standards (FDA 21 CFR, EU MDR, ICH guidelines, ISO standards, GxP requirements), internal document references, and external guidance references | Cross-reference metadata enables impact analysis when regulations change — identifying all documents that reference a specific standard |
| Key Entities | Product names, active ingredients, device identifiers, study identifiers, regulatory submission numbers, approval numbers, facility identifiers | Entity metadata enables product-level, study-level, and facility-level document portfolio views |
| Compliance Indicators | Deviation references, CAPA references, audit finding references, regulatory commitment references | Compliance metadata links documents to quality events and regulatory commitments for traceability |
| Content Sensitivity | Patient data, proprietary formulations, trade secrets, pre-decisional regulatory strategy, commercially confidential information | Sensitivity classification drives access controls and handling restrictions |
How AI Regulatory Document Analysis Works in FormKiQ
Document creation or upload
A regulatory document is created from a governed template or uploaded to FormKiQ
AI processing trigger
A document action triggers Amazon Bedrock analysis based on the document's type or classification
Classification and extraction
Bedrock classifies the document and extracts regulatory cross-references, key entities, compliance indicators, and sensitivity markers
Metadata application
Extracted data is applied to the document record as structured metadata, making it searchable and actionable
Cross-reference linking
Regulatory references are linked to the applicable standard or regulation, enabling impact analysis
Workflow routing
Classification metadata informs workflow routing for review, approval, and periodic review scheduling
Human verification
All AI-extracted metadata is available for regulatory affairs review and correction before operational reliance. AI analysis can be applied selectively to specific document types, regulatory frameworks, or lifecycle stages.
Electronic Signatures and Approval Records
Regulatory frameworks — particularly FDA 21 CFR Part 11 and EU Annex 11 — require that electronic signatures be linked to their respective electronic records and include the printed name, date/time, and meaning of the signature. FormKiQ's approval workflow captures:
| Record Element | What Is Captured |
|---|---|
| Signer identity | Authenticated user identity (linked to SSO / identity provider) |
| Signature meaning | Role-specific meaning — "Author," "Reviewed by," "Approved by," "Quality Approved by," "Effective Date Approved by" |
| Date and time | Timestamp of the signature event (UTC, with timezone metadata) |
| Document version | The specific document version to which the signature applies |
| Approval conditions | Any conditions attached to the approval — captured in the approval record |
| Rejection rationale | If rejected, the rationale is captured and the document is returned to the author with the rejection record |
| Immutability | Signature records are immutable — they cannot be modified or deleted after capture |
Submission Assembly
FormKiQ supports the assembly of regulatory submission packages from governed documents:
| Capability | Description |
|---|---|
| Document selection | Select governed documents for inclusion in a submission package — SOPs, protocols, reports, specifications, certificates |
| Sequence and structure | Organize selected documents into the submission structure required by the regulatory authority (e.g., eCTD modules for pharmaceutical submissions, 510(k) sections for device submissions) |
| Cross-reference verification | AI-assisted verification that all internal cross-references within the submission package resolve correctly |
| Submission metadata | Submission number, regulatory authority, submission type, product identifier, submission date, status |
| Version control | Submission packages versioned as a unit — amendments tracked as new submission versions with change documentation |
| Export | Submission packages exportable in the format required by the regulatory authority — with integrity verification |
Regulatory Document Metadata and Search
FormKiQ's metadata architecture provides structured classification for regulatory documents:
| Category | Example Fields |
|---|---|
| Document identity | Document number, document type (SOP, protocol, report, specification, work instruction, form, submission component), title, version |
| Product / Study | Product name, product code, active ingredient, study identifier, device identifier |
| Regulatory | Applicable regulations (21 CFR Part, EU MDR Article, ICH guideline, ISO standard), regulatory submission reference, approval number |
| Authoring | Author, department, effective date, review-due date, supersession reference |
| Classification | GxP classification (GMP, GCP, GLP, GDP), quality system element, document category, sensitivity level |
| Status | Draft, in review, approved, effective, superseded, retired, under change control |
| Training | Training required (yes/no), training audience, training completion status |
All metadata fields are searchable — enabling queries such as:
- All effective SOPs referencing a specific regulation or standard
- All documents approaching periodic review due date
- All documents in draft status for a specific product or study
- All documents associated with a specific regulatory submission
- All superseded documents retained for a specific regulatory framework
- All documents requiring training acknowledgment with incomplete training
Integration with Enterprise Systems
FormKiQ's Integration Framework Modules connect regulatory document management to the enterprise systems where regulatory data is consumed:
QMS / eQMS
Quality documents linked to the quality management system — SOPs, work instructions, and specifications synchronized with the QMS document hierarchy
CTMS
Clinical trial documents linked to the clinical trial management system — protocols, amendments, and reports associated with study records
RIMS
Regulatory submission documents linked to the regulatory information management system — submission components tracked alongside regulatory dossier records
ERP / MES
Manufacturing documents (batch records, specifications, work instructions) linked to production records — document version control synchronized with manufacturing execution
Training Management
Training-required documents linked to the learning management system — training assignments triggered by document effectivity, training completion tracked and associated with the document record. Particularly important for cGMP environments where personnel must be trained on current SOPs before performing regulated activities.
FormKiQ Editions for Clinical & Regulatory Document Management
Clinical & Regulatory Document Management is available as a Solution Layer on FormKiQ Advanced and Enterprise. The modules that power regulatory document management — AI Processing and Analysis, Controlled Authoring, Workflow Automation, and Integration Frameworks — are Capability Extension Modules available on Advanced and Enterprise editions.
| Capability | Core Foundation |
Essentials Operational |
Advanced AI + Automation |
Enterprise Full platform |
|---|---|---|---|---|
| Foundation | ||||
| Document Storage, API & Web Console | ||||
| Tagging, Search & Classification | ||||
| OCR (Tesseract) & Multi-Tenant Support | ||||
| Essentials and above | ||||
| SSO (SAML — Entra, Google, Auth0) | — | |||
| Workflows, Queues & Rulesets | — | |||
| Encryption (in-transit & at-rest) & Document Control | — | |||
| Advanced and Enterprise | ||||
| AI Processing & Analysis (Bedrock) | — | — | ||
| Document Generation | — | — | ||
| Controlled Authoring (Check-out/Check-in) | — | — | ||
| Electronic Signatures (21 CFR Part 11) | — | — | ||
| Integration Frameworks (QMS, CTMS, RIMS, ERP, LMS) | — | — | ||
| Solution Layers (Clinical & Regulatory) | — | — | ||
| Multi-Instance & Multi-Region Licensing | — | — | ||
| Enterprise only | ||||
| Vendor-Managed & Hybrid Deployment | — | — | — | |
| Custom SLAs & Compliance Consulting | — | — | — | |
| Support | ||||
| Support tier | Community (Slack & GitHub) | Support Portal (2-biz-day SLA) | Private Slack + videoconference + 40 hrs onboarding | Rapid response (8-biz-hr SLA) + strategic architecture support |
Compliance and Regulatory Alignment
| Framework | Requirements | FormKiQ Capabilities |
|---|---|---|
| FDA 21 CFR Part 11 | Electronic records and electronic signatures — audit trails, system validation, signature meaning, authority checks, record integrity | Immutable audit trails · Electronic signatures with meaning and identity · Version integrity · Access controls |
| FDA 21 CFR Parts 210/211 | Manufacturing document control — batch records, SOPs, specifications, deviation reports, CAPA documentation | Controlled authoring · Version management · Approval workflows · Retention enforcement |
| EU GMP Annex 11 | Computerized systems — data integrity, audit trails, electronic signatures, validated systems | Immutable audit trails · Electronic signatures · Access controls · Version integrity |
| EU MDR (2017/745) | Medical device technical documentation, clinical evaluation reports, post-market surveillance records | Document control · Submission assembly · Periodic review · Retention enforcement |
| EU IVDR (2017/746) | In-vitro diagnostic device technical documentation, performance evaluation reports | Document control · Submission assembly · Regulatory cross-referencing |
| ICH Guidelines (Q7, Q10, E6) | Quality system documentation (Q7/Q10), clinical trial documentation (E6/GCP) | Controlled authoring · Approval workflows · Training management integration · Retention |
| ISO 13485 | Quality management system for medical devices — document control, records management | Document control · Version management · Periodic review · Training integration |
| ISO 9001 | Quality management system — documented information control | Document control · Version management · Periodic review · Distribution tracking |
| Health Canada & TGA | Drug and device documentation, establishment licensing, therapeutic goods documentation | Controlled authoring · Submission assembly · Regional deployment (ca-central-1 / ap-southeast-2) |
| MHRA (UK) | Medicines and devices documentation, GxP compliance, post-Brexit regulatory submissions | Document control · Submission assembly · Audit trails · Regional deployment (eu-west-2) |
| ALCOA+ (Data Integrity) | Attributable, Legible, Contemporaneous, Original, Accurate + Complete, Consistent, Enduring, Available | Immutable audit trails · Version integrity · Electronic signatures · Access controls · Retention enforcement |
Whether a FormKiQ deployment satisfies any specific framework depends on configuration and must be validated by your legal and compliance teams.
Who Uses Clinical & Regulatory Document Management on AWS
Pharmaceuticals
Document types
SOPs, batch records, validation protocols/reports, regulatory submissions (eCTD), stability reports, deviation/CAPA documentation
Key drivers
FDA, EMA, Health Canada, ICH, cGMP, data integrity
Medical Devices
Document types
Design history files, risk management files (ISO 14971), technical documentation (EU MDR), 510(k)/PMA submissions, post-market surveillance
Key drivers
FDA, EU MDR, ISO 13485, design controls
Biotechnology
Document types
Research protocols, manufacturing procedures, quality agreements, regulatory submissions, clinical protocols
Key drivers
FDA, EMA, GMP, GCP, biosafety regulations
Clinical Research / CRO
Document types
Clinical protocols, investigator brochures, informed consent forms, clinical study reports, TMF documents
Key drivers
ICH E6, GCP, IRB/ethics documentation, TMF reference model
Contract Manufacturing (CDMO/CMO)
Document types
Manufacturing procedures, specifications, quality agreements, batch records, stability protocols
Key drivers
cGMP, client quality agreements, multi-client document segregation
Food, Beverage & Regulated Manufacturing
Document types
HACCP plans, SOPs, specifications, audit records, quality procedures, calibration records
Key drivers
FDA FSMA, CFIA, EU food safety regulations, GFSI schemes, ISO 9001/14001
Deployment Models
Every deployment is a dedicated, isolated instance in an AWS account owned by or designated by the customer. FormKiQ does not operate a shared multi-tenant environment.
- Customer-Managed AWS — deploys directly into your AWS account via CloudFormation; full control of infrastructure, networking, encryption keys, and operations; available on all editions
- Vendor-Managed — FormKiQ manages the AWS infrastructure on your behalf; available on Enterprise
- Hybrid — you retain control of specific components while delegating operational management to FormKiQ; available on Enterprise
Getting Started
FormKiQ Core can be deployed to your AWS account in fifteen to twenty minutes using a one-click install via AWS CloudFormation. Clinical & Regulatory Document Management capabilities — including AI Processing and Analysis, Controlled Authoring, Electronic Signatures, and Workflow Automation — are available on FormKiQ Advanced and Enterprise.
For organizations evaluating regulatory document management on AWS, FormKiQ offers a Proof-of-Value program — a three-month deployment in a FormKiQ-managed AWS environment that provides full platform access in a non-production setting.
Start with FormKiQ Core
The open-source foundation — API-first, deployable into your own AWS account, and free to use. Right for architecture validation and early implementation.
Get Started Free →Deploy Advanced or Enterprise
Production-ready editions with Controlled Authoring, Electronic Signatures, AI Processing, and Integration Frameworks. Start with a Proof-of-Value deployment or go straight to production.
Explore Options →Plan an Enterprise Rollout
For GxP environments requiring 21 CFR Part 11 compliance, data residency, and multi-system integration. Talk to us about the right deployment model.
Book a Call →Frequently Asked Questions
What is clinical and regulatory document management on AWS?
Clinical and regulatory document management on AWS refers to managing the full regulatory document lifecycle — controlled authoring, review, approval, distribution, periodic review, change control, submission assembly, and retention — on a platform deployed within your own Amazon Web Services environment. This gives organizations full control over regulated content, encryption, access, and audit trails without depending on a vendor-hosted platform.
How does FormKiQ address FDA 21 CFR Part 11 requirements?
FormKiQ provides the technical controls required by 21 CFR Part 11 — immutable audit trails capturing who did what and when, electronic signatures linked to records with signer identity, date/time, and signature meaning, access controls limiting system access to authorized individuals, and version integrity preventing unauthorized modification. Organizations are responsible for implementing the procedural controls (SOPs, validation, training) required to establish Part 11 compliance within their specific regulated environment.
How does FormKiQ use Amazon Bedrock for regulatory documents?
FormKiQ's AI Processing and Analysis module uses Amazon Bedrock to classify regulatory documents, extract regulatory cross-references, identify key entities, and flag compliance indicators. All AI processing runs within your AWS account. Regulatory content never leaves your cloud environment, and inference region controls ensure processing stays within your data residency boundaries. AI-extracted metadata is available for regulatory affairs review and correction before operational reliance.
Can FormKiQ support eCTD or other submission formats?
FormKiQ supports submission assembly — selecting governed documents, organizing them into the required submission structure, verifying cross-references, and exporting the submission package. For eCTD-specific publishing (XML backbone generation and validation), FormKiQ integrates with eCTD publishing tools through the Integration Framework while serving as the system of record for the governed source documents.
How does FormKiQ handle periodic document review?
FormKiQ supports configurable periodic review intervals by document type — SOPs reviewed every two years, specifications reviewed annually, for example. Review-due alerts notify document owners and quality assurance at defined intervals before the review date. The periodic review workflow includes review confirmation (document remains current), revision initiation (document requires update), or retirement initiation (document is no longer needed).
Does FormKiQ replace a quality management system?
FormKiQ provides the governed document layer for quality management — controlled authoring, version management, approval workflows, distribution tracking, periodic review, and retention. It integrates with eQMS platforms through the Integration Framework, so quality documents are managed within FormKiQ's document control environment while the QMS retains its role for quality event management (deviations, CAPAs, change controls, audits).
How does FormKiQ support training management for regulatory documents?
FormKiQ tracks training-required status at the document level — when a document becomes effective, training-required flags trigger notifications to the learning management system through the Integration Framework. Training completion status is tracked as document metadata, enabling reporting on which effective documents have incomplete training assignments. This is particularly important for cGMP environments where personnel must be trained on current SOPs before performing regulated activities.
Talk to FormKiQ About Clinical & Regulatory Document Management
Platform · Solutions · Regulated Industries Guide · Deployment and Compliance